Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.

Terminate the connection cleanly instead.
author: Jeremy Allison <jra@samba.org> 2012-10-02 17:30:54 -0700
committer: Jeremy Allison <jra@samba.org> 2012-10-03 12:49:15 -0700
commit: c2f5b2466bb05939c953341517da6d9df814b27c (patch)
tree: 56270917e38695ad83bae478a696d43ad181eac7
parent: 3983515a0d2222c9e559d83f37ec0a4c5820b56d (diff)
download: samba-c2f5b2466bb05939c953341517da6d9df814b27c.tar.gz
samba-c2f5b2466bb05939c953341517da6d9df814b27c.tar.bz2
samba-c2f5b2466bb05939c953341517da6d9df814b27c.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index dcaefb1689..d92302ede5 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -780,7 +780,12 @@ static void smb2_set_operation_credit(struct smbd_server_connection *sconn,
 	out_status = NT_STATUS(IVAL(outhdr, SMB2_HDR_STATUS));
 
 	SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
-	SMB_ASSERT(sconn->smb2.max_credits >= credit_charge);
+
+	if (sconn->smb2.max_credits < credit_charge) {
+		smbd_server_connection_terminate(sconn,
+			"client error: credit charge > max credits\n");
+		return;
+	}
 
 	if (out_flags & SMB2_HDR_FLAG_ASYNC) {
 		/*
author	Jeremy Allison <jra@samba.org>	2012-10-02 17:30:54 -0700
committer	Jeremy Allison <jra@samba.org>	2012-10-03 12:49:15 -0700
commit	c2f5b2466bb05939c953341517da6d9df814b27c (patch)
tree	56270917e38695ad83bae478a696d43ad181eac7
parent	3983515a0d2222c9e559d83f37ec0a4c5820b56d (diff)
download	samba-c2f5b2466bb05939c953341517da6d9df814b27c.tar.gz samba-c2f5b2466bb05939c953341517da6d9df814b27c.tar.bz2 samba-c2f5b2466bb05939c953341517da6d9df814b27c.zip